From 341efc1cc7367931a9aef88d2f0ade8d93e9702b Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 1 Dec 2017 09:31:02 +0100 Subject: ma pkgs.PkgDecrypt: init --- makefu/5pkgs/PkgDecrypt/default.nix | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 makefu/5pkgs/PkgDecrypt/default.nix diff --git a/makefu/5pkgs/PkgDecrypt/default.nix b/makefu/5pkgs/PkgDecrypt/default.nix new file mode 100644 index 000000000..80bcbcac1 --- /dev/null +++ b/makefu/5pkgs/PkgDecrypt/default.nix @@ -0,0 +1,27 @@ +{ stdenv, lib, pkgs, fetchFromGitHub, ... }: +stdenv.mkDerivation rec { + name = "PkgDecrypt-2017-12-01"; + rev = "e2f9518"; + + src = fetchFromGitHub { + owner = "St4rk"; + repo = "PkgDecrypt"; + inherit rev; + sha256 = "0dk13qamxyny0vc990s06vqddxwwc6xmikb1pkc3rnys98yda29p"; + }; + + installPhase = '' + install -m755 -D pkg_dec $out/bin/pkg_dec + install -m755 -D make_key $out/bin/make_key + ''; + + buildInputs = with pkgs;[ + zlib + ]; + + meta = { + homepage = https://github.com/St4rk/PkgDecrypt; + description = "St4rk's Vita pkg decrypter"; + license = lib.licenses.gpl2; + }; +} -- cgit v1.2.3 From 7cbb04c7c62a339559d192886f5b4b29e49f0b7e Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 1 Dec 2017 10:03:29 +0100 Subject: ma pkgs.pkg2zip: init --- makefu/5pkgs/pkg2zip/default.nix | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 makefu/5pkgs/pkg2zip/default.nix diff --git a/makefu/5pkgs/pkg2zip/default.nix b/makefu/5pkgs/pkg2zip/default.nix new file mode 100644 index 000000000..36c3d7176 --- /dev/null +++ b/makefu/5pkgs/pkg2zip/default.nix @@ -0,0 +1,29 @@ +{ stdenv, lib, pkgs, fetchFromGitHub, ... }: +stdenv.mkDerivation rec { + name = "pkg2zip-2017-12-01"; + rev = "fccad26"; + + src = fetchFromGitHub { + owner = "mmozeiko"; + repo = "pkg2zip"; + inherit rev; + sha256 = "1sq9yx5cbllmc0yyxhvb6c0yq1mkd1mn8njgkkgxz8alw9zwlarp"; + }; + + installPhase = '' + install -m755 -D pkg2zip $out/bin/pkg2zip + + install -m755 -D rif2zrif.py $out/bin/rif2zrif + install -m755 -D zrif2rif.py $out/bin/zrif2rif + ''; + + buildInputs = with pkgs;[ + python3 + ]; + + meta = { + homepage = https://github.com/St4rk/PkgDecrypt; + description = "St4rk's Vita pkg decrypter"; + license = lib.licenses.gpl2; + }; +} -- cgit v1.2.3 From cd9447c43cb931b97de373bb728dab4045551651 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 5 Dec 2017 14:39:56 +0100 Subject: ma pkgs.airsensor-py: init at 2017-12-05 --- makefu/5pkgs/airsensor-py/default.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 makefu/5pkgs/airsensor-py/default.nix diff --git a/makefu/5pkgs/airsensor-py/default.nix b/makefu/5pkgs/airsensor-py/default.nix new file mode 100644 index 000000000..b467872b4 --- /dev/null +++ b/makefu/5pkgs/airsensor-py/default.nix @@ -0,0 +1,17 @@ +{ pkgs, fetchFromGitHub, ... }: +with pkgs.python3Packages; +buildPythonApplication rec { + name = "airsensor-py-${version}"; + version = "2017-04-24"; + propagatedBuildInputs = [ + pyusb + click + ]; + + src = fetchFromGitHub { + owner = "dfederschmidt"; + repo = "airsensor-py"; + rev = "c476918"; + sha256 = "0dc88vqxsgx20asbwfdjmz6yl6bvv65k0krvmmss3gcwxdgh9p2q"; + }; +} -- cgit v1.2.3 From a56a9bf39e0338ce3b3f1fbfca08b701be27367a Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 5 Dec 2017 15:15:32 +0100 Subject: ma wbob.r: add grafana --- makefu/1systems/wbob/config.nix | 51 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 48 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index ac51fd9ca..f7b60fa93 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -3,6 +3,7 @@ let rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115"; datadisk = "/dev/disk/by-id/ata-HGST_HTS721010A9E630_JR10006PH3A02F"; user = config.makefu.gui.user; + primaryIP = "192.168.8.11"; in { imports = @@ -10,16 +11,19 @@ in { - - - + + # + # + # # + + # # # @@ -27,6 +31,44 @@ in { # Services + + + + + (let + collectd-port = 25826; + influx-port = 8086; + grafana-port = 3000; # TODO nginx forward + db = "collectd_db"; + logging-interface = "enp0s25"; + in { + services.grafana.enable = true; + services.grafana.addr = "0.0.0.0"; + + services.influxdb.enable = true; + services.influxdb.extraConfig = { + meta.hostname = config.krebs.build.host.name; + # meta.logging-enabled = true; + http.bind-address = ":${toString influx-port}"; + admin.bind-address = ":8083"; + collectd = [{ + enabled = true; + typesdb = "${pkgs.collectd}/share/collectd/types.db"; + database = db; + bind-address = ":${toString collectd-port}"; + }]; + }; + + networking.firewall.extraCommands = '' + iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT + iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT + iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT + + ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT + ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT + ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT + ''; + }) # temporary # @@ -96,6 +138,9 @@ in { # rt2870 with nonfree creates wlp2s0 from wlp0s20u2 # not explicitly setting the interface results in wpa_supplicant to crash networking.wireless.interfaces = [ "wlp2s0" ]; + networking.interfaces.enp0s25.ip4 = [ + { address = primaryIP; prefixLength = 24;} + ]; networking.interfaces.virbr1.ip4 = [{ address = "10.8.8.11"; prefixLength = 24; -- cgit v1.2.3 From 04e6eeb7c8e2e3141293a84bc147265725208999 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 5 Dec 2017 15:16:13 +0100 Subject: ma telegraf: separate, add airsensor --- makefu/2configs/stats/telegraf/airsensor.nix | 15 +++++++++++++++ makefu/2configs/stats/telegraf/default.nix | 3 --- 2 files changed, 15 insertions(+), 3 deletions(-) create mode 100644 makefu/2configs/stats/telegraf/airsensor.nix diff --git a/makefu/2configs/stats/telegraf/airsensor.nix b/makefu/2configs/stats/telegraf/airsensor.nix new file mode 100644 index 000000000..c0c64b238 --- /dev/null +++ b/makefu/2configs/stats/telegraf/airsensor.nix @@ -0,0 +1,15 @@ +{ pkgs, ...}: + +{ + services.telegraf.extraConfig.inputs.exec = [ + { + commands = [ "${pkgs.airsensor-py}/bin/airsensor-py"]; + timeout = "10s"; + data_format = "value"; + data_type = "integer"; + name_override = "airquality"; + interval = "10s"; + tags.unit="VOC"; + } + ]; +} diff --git a/makefu/2configs/stats/telegraf/default.nix b/makefu/2configs/stats/telegraf/default.nix index 4da6561d6..049a9c037 100644 --- a/makefu/2configs/stats/telegraf/default.nix +++ b/makefu/2configs/stats/telegraf/default.nix @@ -2,9 +2,6 @@ let url = "http://localhost:8086"; in { - imports = [ - ./europastats.nix - ]; services.telegraf = { enable = true; extraConfig = { -- cgit v1.2.3 From 15e9582955dc08e88ef48b8a6c9fbe932eba282e Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Dec 2017 13:36:29 +0100 Subject: ma source: bump to 2017-12-08 --- makefu/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/source.nix b/makefu/source.nix index aa49062e9..ce5855430 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -11,7 +11,7 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "6778819"; # unstable @ 2017-11-14 + ref = "3874de4"; # unstable @ 2017-12-08 # + do_sqlite3 ruby: 55a952be5b5 in -- cgit v1.2.3 From fe0feb9436b68686d7e237c36057fa6e3eee69b9 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Dec 2017 13:36:50 +0100 Subject: ma devpi: move devpi-server upstream --- makefu/5pkgs/devpi/default.nix | 60 +----------------------------------------- 1 file changed, 1 insertion(+), 59 deletions(-) diff --git a/makefu/5pkgs/devpi/default.nix b/makefu/5pkgs/devpi/default.nix index e7c26da55..3ddcd9641 100644 --- a/makefu/5pkgs/devpi/default.nix +++ b/makefu/5pkgs/devpi/default.nix @@ -14,18 +14,6 @@ let propagatedBuildInputs = with pkgs.python3Packages; [ docutils bleach pygments ]; }; - devpi-client = pkgs.python3Packages.buildPythonPackage rec { - name = "devpi-client"; - version = "2.7.0"; - - src = pkgs.fetchurl { - url = "mirror://pypi/d/devpi-client/devpi-client-${version}.tar.gz"; - sha256 = "0z7vaf0a66n82mz0vx122pbynjvkhp2mjf9lskgyv09y3bxzzpj3"; - }; - patches = [ ./py3-fix-encoding.patch ]; - buildInputs = with pkgs.python3Packages; [ tox check-manifest pkginfo ]; - propagatedBuildInputs = with pkgs.python3Packages; [ devpi-common py ]; - }; devpi-web = pkgs.python3Packages.buildPythonPackage rec { name = "devpi-web"; version = "3.1.1"; @@ -37,7 +25,7 @@ let }; propagatedBuildInputs = with pkgs.python3Packages; - [ devpi-server pyramid_chameleon beautifulsoup4 defusedxml readme-renderer ]; + [ pkgs.devpi-server pyramid_chameleon beautifulsoup4 defusedxml readme-renderer ]; meta = { homepage = https://bitbucket.org/hpk42/devpi; @@ -47,53 +35,7 @@ let }; }; - devpi-common-3 = pkgs.python3Packages.buildPythonPackage rec { - name = "devpi-common"; - version = "3.0.1"; - - src = pkgs.fetchurl { - url = "mirror://pypi/d/devpi-common/devpi-common-${version}.tar.gz"; - sha256 = "0l3a7iyk596x6pvzg7604lzzi012qszr804fqn6f517zcy1xz23j"; - }; - - propagatedBuildInputs = with pkgs.python3Packages; [ requests py ]; - - meta = { - homepage = https://bitbucket.org/hpk42/devpi; - description = "Utilities jointly used by devpi-server and devpi-client"; - license = licenses.mit; - maintainers = with maintainers; [ lewo makefu ]; - }; - }; - - devpi-server = pkgs.python3Packages.buildPythonPackage rec { - name = "devpi-server"; - version = "4.1.1"; - - # original postFixup adds "import sys; sys.argv[0] = 'devpi-server'" to - # `.devpi-server-wrapped` which - # results in "not existing devpi-server: 'devpi-server'" - postFixup = ""; - - src = pkgs.fetchurl { - url = "mirror://pypi/d/devpi-server/devpi-server-${version}.tar.gz"; - sha256 = "1icbn1nw6w0sc5150fr69rlhs0j5ldnnxfzl2qabq2wi0dbar8hf"; - }; - - propagatedBuildInputs = with pkgs.python3Packages; - [ devpi-common-3 execnet itsdangerous pluggy waitress pyramid ]; - buildInputs = with pkgs.python3Packages; [ pytest beautifulsoup4 webtest ]; - - meta = { - homepage = https://bitbucket.org/hpk42/devpi; - description = "Devpi Server"; - license = licenses.mit; - maintainers = with maintainers; [ makefu ]; - }; - }; - in { - inherit devpi-server devpi-client; devpi-web = pkgs.python3.buildEnv.override { extraLibs = [ devpi-web devpi-server ]; }; -- cgit v1.2.3 From 8dcf39d38372391eed74318a5b67885b1a6ac29c Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Dec 2017 13:37:52 +0100 Subject: ma hosts: disable v6 for wbob, disable pubkey for latte --- krebs/3modules/makefu/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 080b8fced..9f1842b88 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -107,7 +107,7 @@ with import ; ci = true; cores = 1; ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte"; + # ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte"; nets = { internet = { ip4.addr = "185.215.224.160"; @@ -500,7 +500,7 @@ with import ; }; retiolum = { ip4.addr = "10.243.214.15"; - ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"; + # ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"; aliases = [ "wbob.r" ]; -- cgit v1.2.3 From 6d07e8aec19f3d5fa1d61904c476016879609b6a Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Dec 2017 13:38:57 +0100 Subject: ma gum.r: network config changes, add tor --- makefu/1systems/gum/config.nix | 35 ++++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 98d5d2988..b66ef1ab8 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -46,7 +46,7 @@ in { # services - + # @@ -65,6 +65,8 @@ in { + + { services.taskserver.enable = true; services.taskserver.fqdn = config.krebs.build.host.name; @@ -84,13 +86,40 @@ in { # Temporary: # + + + #{ + # services.dockerRegistry.enable = true; + # networking.firewall.allowedTCPPorts = [ 8443 ]; + + # services.nginx.virtualHosts."euer.krebsco.de" = { + # forceSSL = true; + # enableACME = true; + # extraConfig = '' + # client_max_body_size 1000M; + # ''; + # locations."/".proxyPass = "http://localhost:5000"; + # }; + #} + { # wireguard server + networking.firewall.allowedUDPPorts = [ 51820 ]; + #networking.wireguard.interfaces.wg0 = { + # ips = [ "10.244.0.1/24" ]; + # privateKeyFile = (toString ) + "/wireguard.key"; + # allowedIPsAsRoutes = true; + # peers = [{ + # allowedIPs = [ "0.0.0.0/0" "::/0" ]; + # publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; + # }]; + #}; + } ]; makefu.dl-dir = "/var/download"; services.openssh.hostKeys = [ - { bits = 4096; path = ; type = "rsa"; } - { path = ; type = "ed25519"; } ]; + { bits = 4096; path = (toString ); type = "rsa"; } + { path = (toString ); type = "ed25519"; } ]; ###### stable services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ]; krebs.build.host = config.krebs.hosts.gum; -- cgit v1.2.3 From 907e45dd8038f3b91860b2bec5d075890918a1e3 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Dec 2017 13:39:40 +0100 Subject: ma omo.r: enable europastats --- makefu/1systems/omo/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 1d157460b..4af87dc10 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -61,6 +61,7 @@ in { # logs to influx + # services -- cgit v1.2.3 From 20eb8ac1e2d72920814b9f354623646824a68b6b Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Dec 2017 13:40:02 +0100 Subject: ma bgt: add hidden service description --- makefu/2configs/deployment/bgt/hidden_service.nix | 48 +++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 makefu/2configs/deployment/bgt/hidden_service.nix diff --git a/makefu/2configs/deployment/bgt/hidden_service.nix b/makefu/2configs/deployment/bgt/hidden_service.nix new file mode 100644 index 000000000..c1a31b8dc --- /dev/null +++ b/makefu/2configs/deployment/bgt/hidden_service.nix @@ -0,0 +1,48 @@ +{ pkgs, lib, ... }: + +with lib; +let + name = "bgt_cyberwar_hidden_service"; + sec = (toString ) + "/"; + secdir = sec + name; + srvdir = "/var/lib/tor/onion/"; + basedir = srvdir + name; + hn = builtins.readFile (secdir + "/hostname"); +in +{ + systemd.services.prepare-hidden-service = { + wantedBy = [ "local-fs.target" ]; + before = [ "tor.service" ]; + serviceConfig = { + ExecStart = pkgs.writeScript "prepare-euer-blog-service" '' + #!/bin/sh + set -euf + if ! test -d "${basedir}" ;then + mkdir -p "${srvdir}" + cp -r "${secdir}" "${srvdir}" + chown -R tor:tor "${srvdir}" + chmod -R 700 "${basedir}" + else + echo "not overwriting ${basedir}" + fi + ''; + Type = "oneshot"; + RemainAfterExit = "yes"; + TimeoutSec = "0"; + }; + }; + services.nginx.virtualHosts."${hn}".locations."/" = { + proxyPass = "https://blog.binaergewitter.de"; + extraConfig = '' + proxy_set_header Host blog.binaergewitter.de; + proxy_ssl_server_name on; + ''; + }; + services.tor = { + enable = true; + hiddenServices."${name}".map = [ + { port = "80"; } + # { port = "443"; toHost = "blog.binaergewitter.de"; } + ]; + }; +} -- cgit v1.2.3 From e99a9ac9f113ea9d79ae3b830d8b328c9ef03e40 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Dec 2017 14:04:35 +0100 Subject: ma wbob.r: enable bureautomation --- makefu/1systems/wbob/config.nix | 13 ++----- makefu/1systems/wbob/source.nix | 2 +- .../2configs/deployment/bureautomation/default.nix | 41 ++++++++++++++++++++++ makefu/2configs/deployment/led-fader.nix | 28 +++++++-------- makefu/2configs/share/wbob.nix | 38 ++++++++++++++++++++ makefu/2configs/stats/telegraf/airsensor.nix | 4 +++ makefu/5pkgs/airsensor-py/default.nix | 8 ++--- 7 files changed, 105 insertions(+), 29 deletions(-) create mode 100644 makefu/2configs/deployment/bureautomation/default.nix create mode 100644 makefu/2configs/share/wbob.nix diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index f7b60fa93..c30ee4c58 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -18,7 +18,6 @@ in { - # @@ -34,7 +33,10 @@ in { + + + (let collectd-port = 25826; influx-port = 8086; @@ -60,13 +62,7 @@ in { }; networking.firewall.extraCommands = '' - iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT - iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT - - ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT - ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT - ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT ''; }) @@ -138,9 +134,6 @@ in { # rt2870 with nonfree creates wlp2s0 from wlp0s20u2 # not explicitly setting the interface results in wpa_supplicant to crash networking.wireless.interfaces = [ "wlp2s0" ]; - networking.interfaces.enp0s25.ip4 = [ - { address = primaryIP; prefixLength = 24;} - ]; networking.interfaces.virbr1.ip4 = [{ address = "10.8.8.11"; prefixLength = 24; diff --git a/makefu/1systems/wbob/source.nix b/makefu/1systems/wbob/source.nix index 6f079d712..b768aa87d 100644 --- a/makefu/1systems/wbob/source.nix +++ b/makefu/1systems/wbob/source.nix @@ -1,4 +1,4 @@ import { name="wbob"; - musnix = true; + # musnix = true; } diff --git a/makefu/2configs/deployment/bureautomation/default.nix b/makefu/2configs/deployment/bureautomation/default.nix new file mode 100644 index 000000000..3897537ea --- /dev/null +++ b/makefu/2configs/deployment/bureautomation/default.nix @@ -0,0 +1,41 @@ +{ pkgs, lib, ... }: + +with lib; +let + port = 3001; + runit = pkgs.writeDash "runit" '' + set -xeuf + PATH=${pkgs.curl}/bin:${pkgs.coreutils}/bin + name=''${1?must provide name as first arg} + state=''${2?must provide state as second arg} + # val=''${3?must provide val as third arg} + + # we ignore non-alerting events + test $state = alerting || exit 0 + + echo $name - $state + curl 'http://bauarbeiterlampe/ay?o=1' + sleep 5 + curl 'http://bauarbeiterlampe/ay?o=1' + ''; +in { + services.logstash = { + package = pkgs.logstash5; + enable = true; + inputConfig = '' + http { + port => ${toString port} + host => "127.0.0.1" + } + ''; + filterConfig = '' + ''; + outputConfig = '' + stdout { codec => json } + exec { command => "${runit} '%{ruleName}' '%{state}'" } + ''; + extraSettings = '' + path.plugins: [ "${pkgs.logstash-output-exec}" ] + ''; + }; +} diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix index 4c17a1d50..292b6679d 100644 --- a/makefu/2configs/deployment/led-fader.nix +++ b/makefu/2configs/deployment/led-fader.nix @@ -1,27 +1,25 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, buildPythonPackage, ... }: -with import ; let mq = "192.168.8.11"; - pkg = pkgs.stdenv.mkDerivation { + pkg = pkgs.python3Packages.buildPythonPackage { name = "ampel-master"; + src = pkgs.fetchgit { url = "http://cgit.euer.krebsco.de/ampel"; - rev = "07a6791de368e16cc0864d2676fd255eba522cee"; - sha256 = "1jxjapvkfglvgapy7gjbr1nra3ay418nvz70bvypcmv7wc8d4h8q"; + rev = "531741b"; + sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c"; }; - buildInputs = [ - (pkgs.python35.withPackages (pythonPackages: with pythonPackages; [ + propagatedBuildInputs = with pkgs.python3Packages; [ docopt paho-mqtt - ])) + requests + pytz + influxdb + httplib2 + google_api_python_client ]; - installPhase = '' - install -m755 -D fade.py $out/bin/fade.py - install -m755 -D ampel.py $out/bin/ampel - install -m755 -D times.json $out/share/times.json - ''; }; in { systemd.services.led-fader = { @@ -34,7 +32,9 @@ in { serviceConfig = { # User = "nobody"; # need a user with permissions to run nix-shell ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2"; - ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json"; + ExecStart = "${pkg}/bin/ampel 4"; + Restart = "always"; + RestartSec = 10; PrivateTmp = true; }; }; diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix new file mode 100644 index 000000000..7d3fc38fe --- /dev/null +++ b/makefu/2configs/share/wbob.nix @@ -0,0 +1,38 @@ +{config, ... }:{ + networking.firewall.allowedUDPPorts = [ 137 138 ]; + networking.firewall.allowedTCPPorts = [ 139 445 ]; + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/home/share"; + createHome = true; + }; + services.samba = { + enable = true; + enableNmbd = true; + shares = { + incoming = { + path = "/data/incoming"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + data = { + path = "/data/"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} diff --git a/makefu/2configs/stats/telegraf/airsensor.nix b/makefu/2configs/stats/telegraf/airsensor.nix index c0c64b238..09d23e7d4 100644 --- a/makefu/2configs/stats/telegraf/airsensor.nix +++ b/makefu/2configs/stats/telegraf/airsensor.nix @@ -1,6 +1,10 @@ { pkgs, ...}: { + services.udev.extraRules = '' + SUBSYSTEMS=="usb", ATTRS{product}=="iAQ Stick", GROUP="input" + ''; + users.users.telegraf.extraGroups = [ "input" ]; services.telegraf.extraConfig.inputs.exec = [ { commands = [ "${pkgs.airsensor-py}/bin/airsensor-py"]; diff --git a/makefu/5pkgs/airsensor-py/default.nix b/makefu/5pkgs/airsensor-py/default.nix index b467872b4..4eae26c0d 100644 --- a/makefu/5pkgs/airsensor-py/default.nix +++ b/makefu/5pkgs/airsensor-py/default.nix @@ -2,16 +2,16 @@ with pkgs.python3Packages; buildPythonApplication rec { name = "airsensor-py-${version}"; - version = "2017-04-24"; + version = "2017-12-05"; propagatedBuildInputs = [ pyusb click ]; src = fetchFromGitHub { - owner = "dfederschmidt"; + owner = "makefu"; repo = "airsensor-py"; - rev = "c476918"; - sha256 = "0dc88vqxsgx20asbwfdjmz6yl6bvv65k0krvmmss3gcwxdgh9p2q"; + rev = "7ac5f185dc848fca1b556e4c0396dd73f6a93995"; + sha256 = "0387b025y8kb0zml7916p70hmzc3y18kqh46b9xv5qayljxymq2w"; }; } -- cgit v1.2.3 From 1f0a5b9c48d9bb6ff4da068f42acc57ec44f99a4 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Dec 2017 14:24:39 +0100 Subject: ma tsp.r: enable touchpad --- makefu/1systems/tsp/config.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makefu/1systems/tsp/config.nix b/makefu/1systems/tsp/config.nix index 7b751e514..680fa2cbc 100644 --- a/makefu/1systems/tsp/config.nix +++ b/makefu/1systems/tsp/config.nix @@ -32,6 +32,8 @@ # acer aspire networking.wireless.enable = lib.mkDefault true; + services.xserver.synaptics.enable = true; + hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; -- cgit v1.2.3 From 3f0fe3b9bcae2917c032583ada8349a73a01dfe7 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Dec 2017 14:27:54 +0100 Subject: ma share/omo: cleanup --- makefu/2configs/share/omo.nix | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index 7d7a4ec57..e4fef7c3c 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -30,20 +30,14 @@ in { browseable = "yes"; "guest ok" = "yes"; }; - usenet = { - path = "/media/crypt0/usenet/dst"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - pyload = { - path = "/media/crypt0/pyload"; + crypt0 = { + path = "/media/crypt0"; "read only" = "yes"; browseable = "yes"; "guest ok" = "yes"; }; - crypt0 = { - path = "/media/crypt0"; + crypX-games = { + path = "/media/cryptX/games"; "read only" = "yes"; browseable = "yes"; "guest ok" = "yes"; -- cgit v1.2.3 From cb105d90302aad5397ca5b4daafb31c851ace3dd Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Dec 2017 14:28:36 +0100 Subject: ma tools/dev: add stockholm --- makefu/2configs/tools/dev.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 46872279a..26e9808b2 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -13,10 +13,12 @@ esptool cac-api cac-panel + krebszones ovh-zone whatsupnix brain gen-oath-safe cdrtools + stockholm ]; } -- cgit v1.2.3 From ec5069e0b6c948f8b5dbd2de591214a91ec0fa48 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Dec 2017 14:29:08 +0100 Subject: ma pkgs: do not export devpi-server --- makefu/5pkgs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 80a453ddc..80a0d33cd 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -24,7 +24,7 @@ in { alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";}; qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { }; - inherit (callPackage ./devpi {}) devpi-web devpi-server; + inherit (callPackage ./devpi {}) devpi-web ; nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {}; inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: { patches = [ ./custom/inkscape/dxf_fix.patch ]; -- cgit v1.2.3 From 90f0675cb730e3e64b3622fd55f76c242270d672 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Dec 2017 14:30:44 +0100 Subject: ma zsh: disable manual completions, enable ctrl-xewq --- makefu/2configs/zsh-user.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index f280fc852..6be078f6a 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -8,11 +8,12 @@ in users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh"; programs.zsh= { enable = true; - enableCompletion = false ; #manually at the end + enableCompletion = true ; #manually at the end interactiveShellInit = '' HISTSIZE=900001 HISTFILESIZE=$HISTSIZE SAVEHIST=$HISTSIZE + HISTFILE=$HOME/.zsh_history setopt HIST_IGNORE_ALL_DUPS setopt HIST_IGNORE_SPACE @@ -65,13 +66,15 @@ in zle -N fzf-file-widget bindkey '^T' fzf-file-widget - # Auto-Completion - for p in ''${(z)NIX_PROFILES}; do - fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions) - done - autoload -U compinit && compinit compdef _pass brain zstyle ':completion::complete:brain::' prefix "$HOME/brain" + + # ctrl-x ctrl-e + autoload -U edit-command-line + zle -N edit-command-line + bindkey '^xe' edit-command-line + bindkey '^x^e' edit-command-line + ''; promptInit = '' -- cgit v1.2.3 From 635f6e82c64066c05dc0fb7808523f00b0d60ae6 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Dec 2017 14:31:06 +0100 Subject: ma tools: add signal-desktop --- makefu/2configs/tools/extra-gui.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index bcc068d82..e25290297 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -14,5 +14,6 @@ saleae-logic arduino-user-env gitAndTools.gitFull + signal-desktop ]; } -- cgit v1.2.3 From 0908acc61644da91c41118e7846923ac8535e1ef Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Dec 2017 14:31:27 +0100 Subject: ma tools/games: add pkg2zip --- makefu/2configs/tools/games.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix index 8da615963..40ea4523d 100644 --- a/makefu/2configs/tools/games.nix +++ b/makefu/2configs/tools/games.nix @@ -7,5 +7,6 @@ users.users.makefu.packages = with pkgs; [ games-user-env wine + pkg2zip ]; } -- cgit v1.2.3 From 5d4e03e22730d617419fe51cf643e14a191707d2 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Dec 2017 14:31:43 +0100 Subject: ma scrape: init --- makefu/2configs/deployment/scrape/default.nix | 6 +++ makefu/2configs/deployment/scrape/selenium.nix | 65 ++++++++++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 makefu/2configs/deployment/scrape/default.nix create mode 100644 makefu/2configs/deployment/scrape/selenium.nix diff --git a/makefu/2configs/deployment/scrape/default.nix b/makefu/2configs/deployment/scrape/default.nix new file mode 100644 index 000000000..c7a5b5c14 --- /dev/null +++ b/makefu/2configs/deployment/scrape/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./elkstack.nix + ./selenium.nix + ]; +} diff --git a/makefu/2configs/deployment/scrape/selenium.nix b/makefu/2configs/deployment/scrape/selenium.nix new file mode 100644 index 000000000..d700259ba --- /dev/null +++ b/makefu/2configs/deployment/scrape/selenium.nix @@ -0,0 +1,65 @@ +{config, pkgs, lib, ...}: +with ; +let + selenium-pw = ; +in { + services.jenkinsSlave.enable = true; + users.users.selenium = { + uid = genid "selenium"; + extraGroups = [ "plugdev" ]; + }; + + fonts.enableFontDir = true; + + # networking.firewall.allowedTCPPorts = [ 5910 ]; + + systemd.services.selenium-X11 = + { + description = "X11 vnc for selenium"; + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.xorg.xorgserver pkgs.tightvnc pkgs.dwm ]; + environment = + { + DISPLAY = ":10"; + }; + script = '' + set -ex + [ -e /tmp/.X10-lock ] && ( set +e ; chmod u+w /tmp/.X10-lock ; rm /tmp/.X10-lock ) + [ -e /tmp/.X11-unix/X10 ] && ( set +e ; chmod u+w /tmp/.X11-unix/X10 ; rm /tmp/.X11-unix/X10 ) + mkdir -p ~/.vnc + cp -f ${selenium-pw} ~/.vnc/passwd + chmod go-rwx ~/.vnc/passwd + echo > ~/.vnc/xstartup + chmod u+x ~/.vnc/xstartup + vncserver $DISPLAY -geometry 1280x1024 -depth 24 -name jenkins -ac + dwm + ''; + preStop = '' + vncserver -kill $DISPLAY + ''; + serviceConfig = { + User = "selenium"; + }; + }; + + systemd.services.selenium-server = + { + description = "selenium-server"; + wantedBy = [ "multi-user.target" ]; + requires = [ "selenium-X11.service" ]; + path = [ pkgs.chromium + pkgs.firefoxWrapper ]; + environment = + { + DISPLAY = ":10"; + }; + script = '' + ${pkgs.selenium-server-standalone}/bin/selenium-server -Dwebdriver.enable.native.events=1 + ''; + serviceConfig = { + User = "selenium"; + }; + }; + + +} -- cgit v1.2.3 From a64144db01d2a97f1480bdbb0908d493c3f208a2 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Dec 2017 22:10:44 +0100 Subject: ma tests: add bgt hidden service --- makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname | 1 + 1 file changed, 1 insertion(+) create mode 100644 makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname diff --git a/makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname b/makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname new file mode 100644 index 000000000..2ae3807f1 --- /dev/null +++ b/makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname @@ -0,0 +1 @@ +dickbutt2342.onion -- cgit v1.2.3